Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
afiori
8 days ago
|
parent
|
context
|
favorite
| on:
A proposal to restrict sites from accessing a user...
A WebSocket starts as a normal http request, so it is subject to cors if the initial request was (eg if it was a post)
hnav
8 days ago
|
next
[–]
websockets aren't subject to CORS, they send the initiating webpage in the Origin header but the server has to decide whether that's allowed.
reply
odo1242
8 days ago
|
prev
[–]
Unfortunately, the initial WebSocket HTTP request is defined to always be a GET request.
reply
Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
